sivaextsivaext 

Hybrid IOS mobile app to trap an expired session

Hi 

I am reloading the whole page when the session expires, and it is working fine.

I am trying to improve performance by using another code snippet from the Mobile SDK PDF, but a couple of places are not clear to me.

// Refresh oauth token
// Template only, not runnable as written: <provider> and <Retry call ...> are
// placeholders the app must replace, and `src` is not defined in this snippet.
cordova.require("salesforce/plugin/oauth").authenticate(
  // Success callback: called with the refreshed credentials. `creds` is not used
  // below; NOTE(review): if it is ever used, keep it out of logs and the DOM.
  function(creds) {
   // Reload the hidden iframe that points to a blank page
   // to refresh Visualforce domain cookies
   var iframe = document.getElementById("blankIframeId");
   iframe.src = src;

   // Refresh CSRF cookie
   // <provider> stands for whatever object exposes refresh(); the snippet does not
   // name it. The retry runs only after refresh() invokes its callback.
   <provider>.refresh(function() {
     <Retry call for a seamless user experience>;
   });

  },
  // Failure callback: only logs. The request that triggered the refresh is not
  // retried and the user is not told, so the caller must handle this case itself.
  function(error) {
    console.log("Refresh failed");
  }
);

Can you please explain what <provider> is here? I also read the lines below in a blog; is it true that a case has to be raised to enable CSRF protection?

I logged a case for this as I was able to perform CSRF hacks against methods annotated with @RemoteAction and the response is:

This is not enabled by default. You have to contact salesforce to get CSRF protection for Remote Actions turned on.

Can you please give small example for above code?

My code snippet here 

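/**
 * Remote action: returns up to 10 Accounts whose Name contains the given text,
 * together with the Salutation, Name and Phone of their Contacts.
 *
 * @param name  search text supplied by the client page (untrusted input)
 * @return      matching Account records, at most 10
 *
 * NOTE(review): this method performs no object- or field-level access checks, and
 * whether sharing rules apply depends on the enclosing class declaration, which is
 * not visible here. Confirm before exposing it to mobile users.
 */
@RemoteAction
        global static List<Account> fetchAccountDetails(String name) {
            // `name` comes straight from the browser. It is passed as a bind variable
            // instead of being concatenated into the query text, so quotes in the
            // input cannot change the structure of the SOQL statement.
            // '%' and '_' inside the input still act as LIKE wildcards.
            String namePattern = '%' + name + '%';
            String qry = 'Select Id,Name,BillingStreet,BillingCity,BillingCountry,BillingState,BillingPostalCode,FloraMobileApp__LGA_Name__c,FloraMobileApp__Stage__c,FloraMobileApp__Total_Order_Arrangements__c,FloraMobileApp__Trial_Arrangements__c,Industry,(Select Salutation,Name,Phone From Account.Contacts) From Account where Name LIKE :namePattern LIMIT 10 ';
            system.debug('search account results'+qry);
            return database.query(qry);
        }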

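/**
 * Searches Accounts by the text in #accountName through the fetchAccountDetails
 * remote action and renders the matches into #listMainList. Tapping a match fills
 * the detail page fields and navigates to #detailpage.
 *
 * Relies on page globals: $j (jQuery), Visualforce, currentAccountList,
 * hasSessionExpired, and the global contactId that the tap handler assigns.
 *
 * Security: record values are written with .html() and string concatenation.
 * That is only safe because the remoting call is made with {escape: true}, which
 * makes the remoting layer HTML-encode the response. If escape is ever turned
 * off, every .html()/.append() of record data below must be changed to .text().
 */
function searchAccount(){
    // Account fields shown on the detail page; a missing value is replaced by " "
    // so that "undefined" is never rendered.
    var displayFields = [
        'BillingStreet',
        'BillingCity',
        'BillingState',
        'BillingCountry',
        'BillingPostalCode',
        'FloraMobileApp__LGA_Name__c',
        'FloraMobileApp__Stage__c',
        'FloraMobileApp__Total_Order_Arrangements__c',
        'FloraMobileApp__Trial_Arrangements__c',
        'Industry'
    ];

    // Tap handler for one result row; `this` is the <li>, whose id is the Account Id.
    function showAccountDetail(e) {
        e.preventDefault();
        $j.mobile.showPageLoadingMsg();

        var account = currentAccountList[this.id];
        $j('#accId').val(account.Id);
        $j('#AccName').html(account.Name);

        for (var f = 0; f < displayFields.length; f++) {
            if (account[displayFields[f]] == undefined) {
                account[displayFields[f]] = " ";
            }
        }

        var addr = " " + account.BillingStreet + " " + account.BillingCity + " " + account.BillingState + " " + account.BillingCountry + " " + account.BillingPostalCode;
        $j('#AccAdd').html(addr);

        // Account-level fields are rendered whether or not the account has contacts;
        // previously they were only updated when a contact existed, which left the
        // previous account's values on screen.
        $j('#LGA').html(account.FloraMobileApp__LGA_Name__c);
        $j('#ST').html(account.FloraMobileApp__Stage__c);
        $j('#TOA').html(account.FloraMobileApp__Total_Order_Arrangements__c);
        $j('#TA').html(account.FloraMobileApp__Trial_Arrangements__c);
        $j('#Industry').html(account.Industry);

        if (account.Contacts == undefined) {
            $j('#AccConName').html("");
            $j('#AccPhn').html("");
        } else {
            var primaryContact = account.Contacts[0];
            var salt = '';
            // contactId is a page-level global read elsewhere; assigned on purpose.
            contactId = primaryContact.Id;
            if (primaryContact.Salutation != undefined) {
                salt = primaryContact.Salutation;
            }
            $j('#AccConName').html(salt + ' ' + primaryContact.Name);
            if (primaryContact.Name == "") {
                $j('#addContact').show();
            } else {
                $j('#addContact').hide();
            }
            // .html(undefined) is a no-op in jQuery and would keep the previous
            // contact's phone on screen, so a missing phone is rendered as empty.
            $j('#AccPhn').html(primaryContact.Phone == undefined ? "" : primaryContact.Phone);
        }

        $j.mobile.hidePageLoadingMsg();
        $j.mobile.changePage('#detailpage', {changeHash: true});
    }

    var searchText = $j('#accountName').val();
    if (searchText == "") {
        $j('#listMainList').html("");
        return;
    }

    $j.mobile.showPageLoadingMsg("b", "Working....", true);

    Visualforce.remoting.Manager.invokeAction(
        '{!$RemoteAction.MobilePageControllerTest.fetchAccountDetails}',
        searchText,
        function(records, event) {
            if (hasSessionExpired(event)) {
                // Reload will try to redirect to login page, container will intercept
                // the redirect and refresh the session before reloading the origin page
                window.location.reload();
                return;
            }

            // Hide the spinner before touching `records`: on a failed call `records`
            // is not an array, and reading records.length first used to throw and
            // leave the loading message on screen.
            $j.mobile.hidePageLoadingMsg();
            if (!event.status || !records) {
                return;
            }

            currentAccountList.length = 0;
            for (var i = 0; i < records.length; i++) {
                currentAccountList[records[i].Id] = records[i];
            }

            $j('#listMainList').html("");
            $j.each(records, function() {
                // this.Name is already HTML-encoded by the remoting layer (escape: true).
                $j('<li data-theme="c"></li>')
                    .attr('id', this.Id)
                    .hide()
                    .append('<h4>' + this.Name + '</h4>')
                    .click(showAccountDetail)
                    .appendTo('#listMainList')
                    .show();
            });
        },
        {escape: true,maxretries: 2 });
}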
        function hasSessionExpired(event) {
            return (event.type == "exception" && event.message.indexOf("Logged in?") != -1);
        }

Thanks & Regards
Siva.
Ashish_SFDCAshish_SFDC
Hi Siva, 


Salesforce.com enabled validation checks for CSRF tokens in the Summer '10 release.

In the Beta and pre release we have this feature enabled by request only.

You can go to the path below and enable it yourself for your Org, 

Setup >> Security Controls >> Session Settings >> Cross-Site Request Forgery (CSRF) Protection (If not already enabled)


Consumer Public Key: The consumer key from your remote access provider

http://iosmix.com/salesforcemobilesdk-ios/spec-settings-itunes-unit-setup-feedback-side-development-passcode-project


Regards,
Ashish